ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

APT group: SideWinder, Rattlesnake

Names: SideWinder (Kaspersky), Rattlesnake (Tencent), T-APT-04 (Tencent), APT-C-17 (Qihoo 360)
Country: India
Motivation: Information theft and espionage
First seen: 2012
Description: (Kaspersky) An actor mainly targeting Pakistani military targets, active since at least 2012. We have low confidence that this malware might be authored by an Indian company. To spread the malware, they use unique implementations to leverage the exploits of known vulnerabilities (such as CVE-2017-11882) and later deploy a PowerShell payload in the final stages.
Observed: Sectors: Defense, Government.
Countries: Afghanistan, Bangladesh, China, Myanmar, Nepal, Pakistan, Qatar, Sri Lanka.
Tools used: BroStealer, callCam.
Operations performed:
Mar 2019: First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group
<https://blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/>
Mar 2022: SideWinder's malicious document, which also exploits the Russia-Ukraine conflict, was uploaded to VT in the middle of March.
<https://research.checkpoint.com/2022/state-sponsored-attack-groups-capitalise-on-russia-ukraine-war-for-cyber-espionage/>
May 2022: Group-IB Threat Intelligence researchers have discovered new malicious infrastructure and a custom tool of the APT group SideWinder.
<https://blog.group-ib.com/sidewinder-antibot>
Information:
<https://securelist.com/apt-trends-report-q1-2018/85280/>
<https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/fireeye-sidewinder-targeted-attack.pdf>
<https://medium.com/@Sebdraven/apt-sidewinder-tricks-powershell-anti-forensics-and-execution-side-loading-5bc1a7e7c84c>
<https://s.tencent.com/research/report/479.html>
<https://s.tencent.com/research/report/659.html>
<https://cdn-cybersecurity.att.com/docs/global-perspective-of-the-sidewinder-apt.pdf>
<https://thehackernews.com/2022/05/sidewinder-hackers-launched-over-1000.html>

Last change to this card: 19 July 2022

